package main
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"encoding/json"
|
|
"errors"
|
|
"flag"
|
|
"io"
|
|
"log"
|
|
"net"
|
|
"net/http"
|
|
"os"
|
|
"regexp"
|
|
"runtime"
|
|
"strings"
|
|
"sync/atomic"
|
|
"syscall"
|
|
"time"
|
|
|
|
"github.com/conduitio/bwlimit"
|
|
"github.com/prometheus/client_golang/prometheus"
|
|
"github.com/prometheus/client_golang/prometheus/promhttp"
|
|
"github.com/quic-go/quic-go"
|
|
"github.com/quic-go/quic-go/http3"
|
|
)
|
|
|
|
// Bandwidth caps for the TCP listener, in kilobits per second. main converts
// them to bytes per second (×125) and wraps the listener with bwlimit.
var wl = flag.Int("w", 8000, "Write limit in Kbps")
var rl = flag.Int("r", 8000, "Read limit in Kbps")
|
|
|
|
// h3client is the upstream client selected by main when the -h3c flag (or
// H3C=1) is set: requests go out over HTTP/3 through quic-go's
// http3.Transport with its zero-value settings.
//
// NOTE(review): http.Client.Timeout bounds the whole exchange, including
// reading the response body; confirm 10s is long enough for the bodies this
// client is expected to relay.
var h3client = &http.Client{
	Transport: &http3.Transport{},
	Timeout:   10 * time.Second,
}
|
|
|
|
// dialer is the TCP dialer behind h2client: a 30s connect timeout and TCP
// keep-alive probes every 30s on established upstream connections.
var dialer = &net.Dialer{
	Timeout:   30 * time.Second,
	KeepAlive: 30 * time.Second,
}
|
|
|
|
// h2client is the upstream client used when HTTP/3 client mode is off. It
// dials TCP over IPv4 only, or IPv6 only when ipv6_only is set, and lets the
// transport negotiate HTTP/2 where the upstream offers it (ForceAttemptHTTP2).
// No TLSClientConfig is given, so the default certificate verification applies.
var h2client = &http.Client{
	Transport: &http.Transport{
		// Transport.Dial is deprecated in favor of DialContext; it is kept
		// because this file does not import context.
		Dial: func(network, addr string) (net.Conn, error) {
			// The requested network is ignored: the address family is forced
			// by the ipv6_only switch. The local is named tcpNet so that the
			// imported net package is not shadowed inside the closure.
			tcpNet := "tcp4"
			if ipv6_only {
				tcpNet = "tcp6"
			}
			return dialer.Dial(tcpNet, addr)
		},
		TLSHandshakeTimeout:   10 * time.Second,
		ResponseHeaderTimeout: 20 * time.Second,
		ExpectContinueTimeout: 1 * time.Second,
		IdleConnTimeout:       30 * time.Second,
		ReadBufferSize:        16 * 1024,
		ForceAttemptHTTP2:     true,
		MaxConnsPerHost:       0, // 0 = no limit
		MaxIdleConnsPerHost:   10,
		MaxIdleConns:          0, // 0 = no limit
	},
}
|
|
|
|
// Shared package-level state. The proxy handlers (videoplayback, vi, ggpht)
// live in other files of this package and reach these through the package
// scope, as does main.
var (
	// client is the upstream HTTP client picked by main: h3client when
	// HTTP/3 client mode is on, h2client otherwise. Nil until main runs.
	client *http.Client

	// default_ua is the User-Agent presented upstream (presumably by the
	// proxy handlers; nothing in this file reads it).
	default_ua = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"

	// allowed_hosts lists the upstream domains the proxy is meant to fetch
	// from. NOTE(review): the matching logic is not in this file; confirm it
	// is a suffix match on these domains rather than a substring test.
	allowed_hosts = []string{
		"youtube.com",
		"googlevideo.com",
		"ytimg.com",
		"ggpht.com",
		"googleusercontent.com",
	}

	// strip_headers are the header names dropped before upstream responses
	// are relayed (presumably by the proxy handlers). Removing Set-Cookie and
	// Authorization keeps upstream credentials away from the browser.
	strip_headers = []string{
		"Accept-Encoding",
		"Authorization",
		"Origin",
		"Referer",
		"Cookie",
		"Set-Cookie",
		"Etag",
		"Alt-Svc",
		"Server",
		"Cache-Control",
		// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to
		"report-to",
	}

	// path_prefix is empty by default; it is consumed outside this file.
	path_prefix string

	// manifest_re captures the value of URI="..." attributes, most likely so
	// that manifest-referenced URLs can be rewritten through the proxy.
	manifest_re = regexp.MustCompile(`(?m)URI="([^"]+)"`)

	// ipv6_only forces upstream TCP dials onto tcp6 (see h2client).
	ipv6_only bool

	// version is the build version; nothing in this file assigns it
	// (presumably injected at link time via -ldflags "-X main.version=...").
	version string

	// h3s reports whether the HTTP/3 server is enabled; beforeProxy
	// advertises it with an Alt-Svc header when true.
	h3s bool

	// programInit is the process start time used for uptime reporting.
	programInit = time.Now()
)
|
|
|
|
// ConnectionWatcher is the receiver type for OnStateChange, which main
// installs as http.Server.ConnState. Its fields mirror the connection
// counters but are not updated by anything in this file: OnStateChange
// writes the package-level stats_ and metrics instead (the cw.* updates are
// commented out), so these fields currently stay at zero.
type ConnectionWatcher struct {
	totalEstablished int64 // connections accepted since start (not updated)
	established      int64 // currently open connections (not updated)
	active           int64 // connections in StateActive (not updated)
	idle             int64 // connections in StateIdle (not updated)
}
|
|
|
|
// https://stackoverflow.com/questions/51317122/how-to-get-number-of-idle-and-active-connections-in-go

// OnStateChange records open connections in response to connection state
// changes. Set net/http Server.ConnState to this method as value.
//
// Only StateNew and StateClosed/StateHijacked move the counters; the
// bookkeeping lives in the package-level stats_ and metrics rather than in
// cw's fields, so the receiver itself is unused.
func (cw *ConnectionWatcher) OnStateChange(conn net.Conn, state http.ConnState) {
	var delta int64
	switch state {
	case http.StateNew:
		delta = 1
	case http.StateClosed, http.StateHijacked:
		delta = -1
	default:
		// StateActive and StateIdle are deliberately not tracked here.
		return
	}

	atomic.AddInt64(&stats_.EstablishedConnections, delta)
	if delta < 0 {
		metrics.EstablishedConnections.Dec()
		return
	}
	metrics.EstablishedConnections.Inc()
	// Every new connection also bumps the monotonic total.
	atomic.AddInt64(&stats_.TotalConnEstablished, 1)
	metrics.TotalConnEstablished.Inc()
}
|
|
|
|
// // Count returns the number of connections at the time
|
|
// // the call.
|
|
// func (cw *ConnectionWatcher) Count() int {
|
|
// return int(atomic.LoadInt64(&cw.n))
|
|
// }
|
|
|
|
// // Add adds c to the number of active connections.
|
|
// func (cw *ConnectionWatcher) Add(c int64) {
|
|
// atomic.AddInt64(&cw.n, c)
|
|
// }
|
|
|
|
// cw is the ConnectionWatcher whose OnStateChange main wires into
// http.Server.ConnState.
var cw ConnectionWatcher
|
|
|
|
// statusJson is the document served by /stats and, through stats_, the
// in-memory home of the request and connection counters. The counters are
// updated with sync/atomic, so they must stay int64 and addressable.
type statusJson struct {
	Version string `json:"version"`
	// Uptime is filled with whole seconds wrapped in a Duration, not with a
	// real nanosecond Duration, so it serialises as the number of seconds.
	Uptime time.Duration `json:"uptime"`
	RequestCount int64 `json:"requestCount"`
	// Requests counted in the last one-second / sixty-second window.
	RequestPerSecond int64 `json:"requestPerSecond"`
	RequestPerMinute int64 `json:"requestPerMinute"`
	TotalConnEstablished int64 `json:"totalEstablished"`
	EstablishedConnections int64 `json:"establishedConnections"`
	// ActiveConnections and IdleConnections are not updated anywhere in this
	// file (the ConnectionWatcher bookkeeping is commented out).
	ActiveConnections int64 `json:"activeConnections"`
	IdleConnections int64 `json:"idleConnections"`
	// RequestsForbidden counts rejected requests per route; the increments
	// presumably happen in the proxy handlers outside this file.
	RequestsForbidden struct {
		Videoplayback int64 `json:"videoplayback"`
		Vi int64 `json:"vi"`
		Ggpht int64 `json:"ggpht"`
	} `json:"requestsForbidden"`
}
|
|
|
|
// stats_ is the live status record served by /stats. Only Version is set
// here (version — presumably injected at link time, nothing in this file
// assigns it — plus the architecture); every other field starts at its zero
// value and is advanced at runtime with atomic.AddInt64 by the request
// middleware, OnStateChange and the per-second/per-minute samplers.
var stats_ = statusJson{
	Version: version + "-" + runtime.GOARCH,
}
|
|
|
|
// Metrics groups the Prometheus collectors registered by main and exposed on
// /metrics. Gauges are set from the statusJson counters; the Counter-typed
// fields are only ever Inc()'d.
type Metrics struct {
	// Uptime is refreshed on every /metrics scrape (whole seconds).
	Uptime prometheus.Gauge
	// RequestCount is incremented by beforeProxy for every proxied request.
	RequestCount prometheus.Counter
	RequestPerSecond prometheus.Gauge
	RequestPerMinute prometheus.Gauge
	// Connection counters driven by ConnectionWatcher.OnStateChange.
	TotalConnEstablished prometheus.Counter
	EstablishedConnections prometheus.Gauge
	// ActiveConnections and IdleConnections are registered but not updated
	// anywhere in this file.
	ActiveConnections prometheus.Gauge
	IdleConnections prometheus.Gauge
	// RequestForbidden counters are incremented outside this file,
	// presumably by the respective proxy handlers.
	RequestForbidden struct {
		Videoplayback prometheus.Counter
		Vi prometheus.Counter
		Ggpht prometheus.Counter
	}
}
|
|
|
|
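// metrics holds the Prometheus collectors exported on /metrics.
//
// RequestCount and TotalConnEstablished are declared as prometheus.Counter
// but were previously constructed with NewGauge (a Gauge satisfies the
// Counter interface, so it compiled), which made them scrape as
// "# TYPE ... gauge". They are now real counters; metric names are unchanged
// so existing dashboards and alert rules keep working.
var metrics = Metrics{
	Uptime: prometheus.NewGauge(prometheus.GaugeOpts{
		Name: "http3_ytproxy_uptime",
	}),
	RequestCount: prometheus.NewCounter(prometheus.CounterOpts{
		Name: "http3_ytproxy_request_count",
	}),
	RequestPerSecond: prometheus.NewGauge(prometheus.GaugeOpts{
		Name: "http3_ytproxy_request_per_second",
	}),
	RequestPerMinute: prometheus.NewGauge(prometheus.GaugeOpts{
		Name: "http3_ytproxy_request_per_minute",
	}),
	TotalConnEstablished: prometheus.NewCounter(prometheus.CounterOpts{
		Name: "http3_ytproxy_total_conn_established",
	}),
	EstablishedConnections: prometheus.NewGauge(prometheus.GaugeOpts{
		Name: "http3_ytproxy_established_conns",
	}),
	// Registered for compatibility; nothing in this file updates them.
	ActiveConnections: prometheus.NewGauge(prometheus.GaugeOpts{
		Name: "http3_ytproxy_active_conns",
	}),
	IdleConnections: prometheus.NewGauge(prometheus.GaugeOpts{
		Name: "http3_ytproxy_idle_conns",
	}),

	RequestForbidden: struct {
		Videoplayback prometheus.Counter
		Vi            prometheus.Counter
		Ggpht         prometheus.Counter
	}{
		Videoplayback: prometheus.NewCounter(prometheus.CounterOpts{
			Name: "http3_ytproxy_request_forbidden_videoplayback",
		}),
		Vi: prometheus.NewCounter(prometheus.CounterOpts{
			Name: "http3_ytproxy_request_forbidden_vi",
		}),
		Ggpht: prometheus.NewCounter(prometheus.CounterOpts{
			Name: "http3_ytproxy_request_forbidden_ggpht",
		}),
	},
}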
|
|
|
|
// root serves a short plain-text banner naming the public routes. The status
// is the implicit 200 and the content type is left to sniffing, exactly as
// before.
func root(w http.ResponseWriter, req *http.Request) {
	const banner = `
HTTP youtube proxy for https://inv.nadeko.net
https://git.nadeko.net/Fijxu/http3-ytproxy

Routes:
/stats
/health`
	// Same bytes io.WriteString would produce.
	_, _ = w.Write([]byte(banner))
}
|
|
|
|
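// metricsHandler wraps the default promhttp handler with two pieces of local
// logic: it refuses requests whose Host header is empty or a bare IP literal
// (so the endpoint is not reachable by address-scanning clients) and it
// refreshes the uptime gauge before delegating.
func metricsHandler() http.Handler {
	// promhttp.Handler() builds a new handler on every call; construct it
	// once here instead of once per request.
	prom := promhttp.Handler()

	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		// To prevent accessing from the bare IP address. SplitHostPort is
		// used instead of splitting on the first ":" so that bracketed IPv6
		// literals such as "[::1]:8080", and a bare "::1", are recognised as
		// IPs too (the old split yielded "[" or "" and let them through).
		hostname := req.Host
		if h, _, err := net.SplitHostPort(hostname); err == nil {
			hostname = h
		}
		hostname = strings.Trim(hostname, "[]")
		if hostname == "" || net.ParseIP(hostname) != nil {
			w.WriteHeader(444)
			return
		}

		// Whole seconds since start; truncating to int64 is what the former
		// float64(time.Duration(...)) round trip amounted to.
		metrics.Uptime.Set(float64(int64(time.Since(programInit).Seconds())))
		prom.ServeHTTP(w, req)
	})
}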
|
|
|
|
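// stats serves a JSON snapshot of the status counters.
//
// The counters are advanced elsewhere with atomic.AddInt64, so they are read
// here with atomic.LoadInt64 into a local copy: the handler no longer races
// with the writers, and no longer writes Uptime into the shared stats_ from
// concurrent requests. The document is marshalled before anything is sent,
// so a marshalling failure yields a proper 500 (encoding straight to the
// wire made the following http.Error a no-op after a partial write).
func stats(w http.ResponseWriter, req *http.Request) {
	snap := statusJson{
		Version: stats_.Version, // set once at init, never changed
		// Whole seconds since start, stored in the Duration-typed field so
		// that it serialises as a plain integer, as before.
		Uptime:                 time.Duration(time.Since(programInit).Seconds()),
		RequestCount:           atomic.LoadInt64(&stats_.RequestCount),
		RequestPerSecond:       atomic.LoadInt64(&stats_.RequestPerSecond),
		RequestPerMinute:       atomic.LoadInt64(&stats_.RequestPerMinute),
		TotalConnEstablished:   atomic.LoadInt64(&stats_.TotalConnEstablished),
		EstablishedConnections: atomic.LoadInt64(&stats_.EstablishedConnections),
		ActiveConnections:      atomic.LoadInt64(&stats_.ActiveConnections),
		IdleConnections:        atomic.LoadInt64(&stats_.IdleConnections),
	}
	// These are incremented outside this file (presumably by the proxy
	// handlers); read them atomically for consistency with the rest.
	snap.RequestsForbidden.Videoplayback = atomic.LoadInt64(&stats_.RequestsForbidden.Videoplayback)
	snap.RequestsForbidden.Vi = atomic.LoadInt64(&stats_.RequestsForbidden.Vi)
	snap.RequestsForbidden.Ggpht = atomic.LoadInt64(&stats_.RequestsForbidden.Ggpht)

	body, err := json.Marshal(snap)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	// json.Encoder terminated its output with a newline; keep that format.
	_, _ = w.Write(append(body, '\n'))
}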
|
|
|
|
// health answers liveness probes with status 200 and a plain "OK" body.
func health(w http.ResponseWriter, req *http.Request) {
	w.WriteHeader(http.StatusOK)
	_, _ = w.Write([]byte("OK"))
}
|
|
|
|
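// requestPerSecond runs forever; once a second it records how many requests
// were counted since the previous tick into stats_.RequestPerSecond and the
// matching Prometheus gauge. Start it with `go requestPerSecond()`.
//
// RequestCount is advanced with atomic.AddInt64 on the request path, so it is
// read here with atomic.LoadInt64 (the former plain read was a data race);
// the rate is stored atomically as well so that readers such as /stats see a
// consistent value.
func requestPerSecond() {
	var last int64
	for {
		time.Sleep(1 * time.Second)
		current := atomic.LoadInt64(&stats_.RequestCount)
		rate := current - last
		atomic.StoreInt64(&stats_.RequestPerSecond, rate)
		metrics.RequestPerSecond.Set(float64(rate))
		last = current
	}
}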
|
|
|
|
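// requestPerMinute runs forever; once a minute it records how many requests
// were counted since the previous tick into stats_.RequestPerMinute and the
// matching Prometheus gauge. Start it with `go requestPerMinute()`.
//
// RequestCount is advanced with atomic.AddInt64 on the request path, so it is
// read here with atomic.LoadInt64 (the former plain read was a data race);
// the rate is stored atomically as well so that readers such as /stats see a
// consistent value.
func requestPerMinute() {
	var last int64
	for {
		time.Sleep(60 * time.Second)
		current := atomic.LoadInt64(&stats_.RequestCount)
		rate := current - last
		atomic.StoreInt64(&stats_.RequestPerMinute, rate)
		metrics.RequestPerMinute.Set(float64(rate))
		last = current
	}
}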
|
|
|
|
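// beforeMisc wraps the non-proxy handlers (/, /health, /stats): it recovers
// from panics through panicHandler and refuses requests whose Host header is
// empty or a bare IP literal, answering with the non-standard status 444
// (a code borrowed from nginx) and no body.
func beforeMisc(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, req *http.Request) {
		defer panicHandler(w)

		// To prevent accessing from the bare IP address. SplitHostPort is
		// used instead of splitting on the first ":" so that bracketed IPv6
		// literals such as "[::1]:8080", and a bare "::1", are recognised as
		// IPs too (the old split yielded "[" or "" and let them through).
		hostname := req.Host
		if h, _, err := net.SplitHostPort(hostname); err == nil {
			hostname = h
		}
		hostname = strings.Trim(hostname, "[]")
		if hostname == "" || net.ParseIP(hostname) != nil {
			w.WriteHeader(444)
			return
		}

		next(w, req)
	}
}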
|
|
|
|
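// beforeProxy wraps the upstream-proxying handlers. Besides the panic guard
// and the bare-IP Host check it shares with beforeMisc, it sets permissive
// CORS headers, advertises HTTP/3 via Alt-Svc when the h3 server is enabled,
// answers OPTIONS preflights directly, rejects every method other than GET
// and HEAD with 405 (now carrying the required Allow header), and counts each
// request that is handed on to next.
func beforeProxy(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, req *http.Request) {
		defer panicHandler(w)

		// To prevent accessing from the bare IP address. SplitHostPort is
		// used instead of splitting on the first ":" so that bracketed IPv6
		// literals such as "[::1]:8080", and a bare "::1", are recognised as
		// IPs too (the old split yielded "[" or "" and let them through).
		hostname := req.Host
		if h, _, err := net.SplitHostPort(hostname); err == nil {
			hostname = h
		}
		hostname = strings.Trim(hostname, "[]")
		if hostname == "" || net.ParseIP(hostname) != nil {
			w.WriteHeader(444)
			return
		}

		// Only allow requests from origin inv.nadeko.net
		// Why? Because I don't want anyone to use this proxy for their own purposes.
		// Hardcoded because I'm lazy lol!
		// origin := req.Header.Get("Origin")
		// if origin == "https://inv.nadeko.net" || origin == "https://materialious.nadeko.net" {
		//
		// With the origin check above disabled, any browser origin may call
		// the proxy: "*" is returned for Allow-Origin and Allow-Headers.
		hdr := w.Header()
		hdr.Set("Access-Control-Allow-Origin", "*")
		hdr.Set("Access-Control-Allow-Headers", "*")
		hdr.Set("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS")
		hdr.Set("Access-Control-Max-Age", "1728000")
		hdr.Set("Strict-Transport-Security", "max-age=86400")
		// } else {
		// w.WriteHeader(401)
		// io.WriteString(w, "Only requests coming from inv.nadeko.net are allowed.")
		// return
		// }

		if h3s {
			// The advertised UDP port is hard-coded to 8443 while main binds
			// the HTTP/3 server on host:port; confirm the two agree for the
			// deployment (e.g. a front-end mapping 8443 to it).
			hdr.Set("Alt-Svc", "h3=\":8443\"; ma=86400")
		}

		if req.Method == http.MethodOptions {
			w.WriteHeader(http.StatusOK)
			return
		}

		if req.Method != http.MethodGet && req.Method != http.MethodHead {
			// RFC 9110 requires a 405 to list the permitted methods.
			hdr.Set("Allow", "GET, HEAD, OPTIONS")
			w.WriteHeader(http.StatusMethodNotAllowed)
			io.WriteString(w, "Only GET and HEAD requests are allowed.")
			return
		}

		atomic.AddInt64(&stats_.RequestCount, 1)
		metrics.RequestCount.Inc()
		next(w, req)
	}
}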
|
|
|
|
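// envOr returns the value of the environment variable key, or def when it is
// unset or empty.
func envOr(key, def string) string {
	if v := os.Getenv(key); v != "" {
		return v
	}
	return def
}

// main wires up the proxy. Configuration comes from environment variables
// (HTTPS, H3C, H3S, IPV6_ONLY, TLS_CERT, TLS_KEY, SOCK_PATH, PORT, HOST),
// which act as defaults for command-line flags of the same meaning; the mux
// is then served on a Unix socket (best effort) and on host:port over plain
// HTTP, or HTTPS plus optionally HTTP/3 over QUIC.
//
// Fixes relative to the earlier wiring:
//   - H3S and IPV6_ONLY were stored in locals that shadowed (h3s) or were
//     copied over (ipv6_only) the package-level variables after flag.Parse,
//     so -h3s never enabled the Alt-Svc header and -ipv6_only was always
//     overridden by the environment; the flags now bind the package vars.
//   - a failure to bind the Unix socket used to end the program (falling
//     off the end of main) before the TCP listener ever served; it is now
//     logged and the TCP listener still runs.
//   - the certificate/key existence check used os.Open and never closed the
//     files; os.Stat is used instead.
func main() {
	const (
		defaultHost    = "0.0.0.0"
		defaultPort    = "8080"
		defaultSock    = "/tmp/http-ytproxy.sock"
		defaultTLSCert = "/data/cert.pem"
		defaultTLSKey  = "/data/key.key"
	)

	https := os.Getenv("HTTPS") == "1"
	h3c := os.Getenv("H3C") == "1"
	// Plain assignment (not :=) so the flags below bind the package-level
	// switches the handlers actually read.
	h3s = os.Getenv("H3S") == "1"
	ipv6_only = os.Getenv("IPV6_ONLY") == "1"

	tls_cert := envOr("TLS_CERT", defaultTLSCert)
	tls_key := envOr("TLS_KEY", defaultTLSKey)
	sock := envOr("SOCK_PATH", defaultSock)
	port := envOr("PORT", defaultPort)
	host := envOr("HOST", defaultHost)

	flag.BoolVar(&https, "https", https, "Use built-in https server (recommended)")
	flag.BoolVar(&h3c, "h3c", h3c, "Use HTTP/3 for client requests (high CPU usage)")
	flag.BoolVar(&h3s, "h3s", h3s, "Use HTTP/3 for server requests, (requires HTTPS)")
	flag.BoolVar(&ipv6_only, "ipv6_only", ipv6_only, "Only use ipv6 for requests")
	flag.StringVar(&tls_cert, "tls-cert", tls_cert, "TLS Certificate path")
	flag.StringVar(&tls_key, "tls-key", tls_key, "TLS Certificate Key path")
	flag.StringVar(&sock, "s", sock, "Specify a socket name")
	flag.StringVar(&port, "p", port, "Specify a port number")
	flag.StringVar(&host, "l", host, "Specify a listen address")
	flag.Parse()

	if h3c {
		client = h3client
	} else {
		client = h2client
	}

	if https {
		if tls_cert == "" {
			log.Fatal("tls-cert argument is missing, you need a TLS certificate for HTTPS")
		}
		if tls_key == "" {
			log.Fatal("tls-key argument is missing, you need a TLS key for HTTPS")
		}
		// Existence check only; os.Stat does not open (and thus leak) the file.
		if _, err := os.Stat(tls_cert); errors.Is(err, os.ErrNotExist) {
			log.Fatalf("Certificate file does not exist at path '%s'", tls_cert)
		}
		if _, err := os.Stat(tls_key); errors.Is(err, os.ErrNotExist) {
			log.Fatalf("Key file does not exist at path '%s'", tls_key)
		}
	}

	mux := http.NewServeMux()

	// MISC ROUTES
	mux.HandleFunc("/", beforeMisc(root))
	mux.HandleFunc("/health", beforeMisc(health))
	mux.HandleFunc("/stats", beforeMisc(stats))

	prometheus.MustRegister(
		metrics.Uptime,
		metrics.ActiveConnections,
		metrics.IdleConnections,
		metrics.EstablishedConnections,
		metrics.TotalConnEstablished,
		metrics.RequestCount,
		metrics.RequestPerSecond,
		metrics.RequestPerMinute,
		metrics.RequestForbidden.Videoplayback,
		metrics.RequestForbidden.Vi,
		metrics.RequestForbidden.Ggpht,
	)
	mux.Handle("/metrics", metricsHandler())

	// PROXY ROUTES
	mux.HandleFunc("/videoplayback", beforeProxy(videoplayback))
	mux.HandleFunc("/vi/", beforeProxy(vi))
	mux.HandleFunc("/vi_webp/", beforeProxy(vi))
	mux.HandleFunc("/sb/", beforeProxy(vi))
	mux.HandleFunc("/ggpht/", beforeProxy(ggpht))
	mux.HandleFunc("/a/", beforeProxy(ggpht))
	mux.HandleFunc("/ytc/", beforeProxy(ggpht))

	go requestPerSecond()
	go requestPerMinute()

	// JoinHostPort brackets IPv6 listen addresses, which host+":"+port did not.
	addr := net.JoinHostPort(host, port)
	ln, err := net.Listen("tcp", addr)
	if err != nil {
		log.Fatalf("Failed to listen: %v", err)
	}

	// 1Kbit = 125Bytes
	writeLimit := bwlimit.Byte(*wl) * bwlimit.Byte(125)
	readLimit := bwlimit.Byte(*rl) * bwlimit.Byte(125)
	ln = bwlimit.NewListener(ln, writeLimit, readLimit)
	// srvDialer := bwlimit.NewDialer(&net.Dialer{}, writeLimit, readLimit)

	srv := &http.Server{
		Handler:      mux,
		ReadTimeout:  5 * time.Second,
		WriteTimeout: 1 * time.Hour, // presumably sized for long media transfers
		ConnState:    cw.OnStateChange,
	}

	srvh3 := &http3.Server{
		Handler:         mux,
		EnableDatagrams: false, // https://quic.video/blog/never-use-datagrams/ (Read it)
		IdleTimeout:     120 * time.Second,
		TLSConfig:       http3.ConfigureTLSConfig(&tls.Config{}),
		QUICConfig: &quic.Config{
			// KeepAlivePeriod: 10 * time.Second,
			MaxIncomingStreams:    256, // I'm not sure if this is correct.
			MaxIncomingUniStreams: 256, // Same as above
		},
		Addr: addr,
	}

	// Unix socket listener, best effort: a stale socket file from a previous
	// run is removed first (ENOENT is the normal case and is ignored).
	if err := syscall.Unlink(sock); err != nil && !errors.Is(err, os.ErrNotExist) {
		log.Println("Failed to remove stale socket file:", err.Error())
	}
	if socket_listener, err := net.Listen("unix", sock); err != nil {
		log.Println("Failed to bind to UDS, please check the socket name", err.Error())
	} else {
		defer socket_listener.Close()
		// To allow everyone to access the socket. This makes the proxy usable
		// by every local user; 0666 would grant the same access, since
		// connect() needs write permission and the execute bits have no
		// meaning on a socket.
		if err := os.Chmod(sock, 0777); err != nil {
			log.Fatal("Failed to set socket permissions to 777:", err.Error())
		}
		log.Println("Setting socket permissions to 777")
		go func() {
			if err := srv.Serve(socket_listener); err != nil && !errors.Is(err, http.ErrServerClosed) {
				log.Println("Unix socket server stopped:", err.Error())
			}
		}()
		log.Println("Unix socket listening at:", sock)
	}

	if !https {
		log.Println("Serving HTTP at port", port)
		if err := srv.Serve(ln); err != nil {
			log.Fatal(err)
		}
		return
	}

	log.Println("Serving HTTPS at port", port+"/tcp")
	go func() {
		if err := srv.ServeTLS(ln, tls_cert, tls_key); err != nil {
			log.Fatalf("Failed to serve HTTP/2: %v", err)
		}
	}()
	if h3s {
		log.Println("Serving HTTP/3 (HTTPS) via QUIC at port", port+"/udp")
		go func() {
			if err := srvh3.ListenAndServeTLS(tls_cert, tls_key); err != nil {
				log.Fatalf("Failed to serve HTTP/3: %v", err)
			}
		}()
	}
	// Block forever; the servers run in their own goroutines and terminate
	// the process through log.Fatal on failure.
	select {}
}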
|